WTF is a Managed Firewall?
-
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
from https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
Yeah... all straightforward, common sense, appropriate stuff that would qualify as serious negligence regardless of PCI.
how?
Well - according to Scott - these are pretty much common sense things, and not doing them while claiming to be an IT professional would be professional negligence.
oh, I understand that.
It's common sense ; -
@WrCombs said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
from https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
Install and maintain a firewallThat's the requirement
Exactly as you would expect it to say... nothing stupid like "Managed Firewall".
-
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
from https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
Yeah... all straightforward, common sense, appropriate stuff that would qualify as serious negligence regardless of PCI.
how?
All of the requirements, the real ones, are low effort, easily accomplished, and have no political agenda. They result in straight security practices, not in pushing you to specific vendors, products, etc. Nor do they encourage odd or bad behaviour. They are simple, and basic allowing you room to interpret based on what would actually be good security for your specific environment.
-
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
from https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
Yeah... all straightforward, common sense, appropriate stuff that would qualify as serious negligence regardless of PCI.
how?
All of the requirements, the real ones, are low effort, easily accomplished, and have no political agenda. They result in straight security practices, not in pushing you to specific vendors, products, etc. Nor do they encourage odd or bad behaviour. They are simple, and basic allowing you room to interpret based on what would actually be good security for your specific environment.
Oh yeah, that makes sense.
-
Check out Fortigate product. FortiNet offers documentation on setup of their firewalls for PCI DSS compliance:
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-compliance/PCI-DSS.htm?Highlight=PCI
They office a subscription service whereby they manage patches/updates for their firewalls as well as monitoring (specifically, Logging, to me it really isn't monitoring) in order to match the "managed firewall" checkbox. Now, I only have a little experience with Fortigate's as we just installed one in our data center as we have a customer requesting us to be compliant (for no apparent reason other than they want us to be, we do not store credit card data and do any processing via https web site)